Want To Destroy Any Hope Of Serious Cybersecurity? Give The DOJ Its Desired Backdoor Wiretaps On All Communications

from the stupid-ideas dept

The Obama administration has supposedly been "considering" the latest version of the DOJ's plan to require backdoor wiretapping abilities in any form of digital communication. If you don't recall, the FBI asks for this basically every year. The latest version would lead to fines for any company that doesn't build in a backdoor wiretapping ability. We've been pointing out for quite some time that putting in such backdoors only makes us all less safe, because those with malicious intent will find and use those backdoors.

A new report has been released, put together by some of the best-known technologists and security experts out there, saying that the plan, as it is being considered, would effectively undermine any cybersecurity regime. At a time when the administration and Congress keep insisting that we need better cybersecurity, to undermine it all with wiretapping backdoors would be ridiculous. And let's not even begin discussing how this would play out if it passed and number one CISPA backer Mike Rogers then became head of the FBI.

Among the report's authors are names you might recognize, like Ed Felten, Peter Neumann, Bruce Schneier and Phil Zimmermann. You can read the full report (pdf) to see all the details. As Ed Felten told the NY Times:

“It’s a single point in the system through which all of the content can be collected if they can manage to activate it,” said Edward W. Felten, a computer science professor at Princeton and one of the authors of the report... “That’s a security vulnerability waiting to happen, as if we needed more,” he said.

Once again, all of this suggests that the efforts around "cybersecurity" have always been more of a cover story to try to make it easier for law enforcement to access data, rather than any legitimate effort at improving security.

Economic Development

As I was reading the attached article, it struck me. A vision. I am seeing various competing VOIP companies come up with a way to provide the suggested circumvention, patent their method, and then sue the fuck out of each other for using similar methods. Really...Obama is just trying to stimulate the economy.

What happens if I post code on my blog which uses encryption and has no back doors? In fact, my blog front page is currently sample code for an encrypted file container. It's not technically a product or something I'm selling. Would this new law then make it illegal to write sample code with no back doors? And couldn't one of my readers just take the back doors out if they have the code? Since I diligently comment my code, I would of course point the back doors out with comments. Or maybe code that demonstrates encryption then itself becomes illegal? It's a slippery slope.

Re:

Here is one for you. Create a chrome app for Gmail that encrypts your email and do it as open source. Nothing in the world can be done at that point. Back door gets put in ... branch, rinse, lather, repeat.

If Google uses chrome to grab your private keys, spy on your emails as you write them, or puts in hooks to insert code on your machine, end of all trust in one very large publicly traded company.

Criminal Access

The reason governments don't care about providing back doors that they KNOW will be used by criminals is that they have more in common with each other (governments as rival criminal gangs) than they do with the pesky proles.

Re:

I once worked as a sysadmin. The joys of a Root type password in the wild. They are NOT thinking. There will be no way to change it once it becomes publicly known ... Compiled in. No resets or changes at the endpoint possible. Update the software? Passwords and Protocols will be broken before they finish a nationwide update.

The people that came up with this idea ... think that rotary phones are a newfangled idea that will never catch on.

The experts of idiocy

There is nobody in the Federal government who understands how to deal with the VOIP stuff, emails, websites or other extraneous matters to do with 'wireless' communications. They're all grasping for a piece of the action, without knowing how it works.

They're ignorant and proud of it-but they're the first to grab power to control what they don't understand.

They're all convinced that the terrorists are infiltrating us by all these means when actually most terrorists aren't stupid enough to even dare go on most sites and announce "I are a terrorist, and am going to blow something up."

They're not that obvious to spot..but don't tell the government that-they're convinced 90% of the Internet is nothing but porn and terrorists plotting to take over the world.

Oh, by the way, giving these 'experts' the power to force backdoors will only lead to more insecurity, not less, because they don't know how to make it work properly.

They're dangerous with half-knowledge, assumed knowledge and no knowledge at all. Keep them away from it.

They can keep it up and I will cancel my internet, my cell phone, my cable TV and have nothing to do with satellites. I will go back to News Papers delivered to my home. I will watch only broadcast television and put my land line back in.
Then it will be just like the old days when the FBI only tried to infiltrate us and set us up in a sting. They can tap my land line and I will make up stuff to talk about. Gotta keep those guys busy listening.
Remember this is a huge country and there's a lot of land where no one lives. It's easy to escape the city life. Just get on a bus, Gus, drive your car Lar, and get the hell out of there.
Every time I think of our current government I think of Star Wars and the wise words of Princess Leia:
"The tighter your grip, the more star systems will slip through your fingers"

Re:

I will go back to News Papers delivered to my home. I will watch only broadcast television and

That is what the older, more reliable, system of control was all about. Instead of you being able to see 'citizen reports on the scene' of twitter and facebook comments you'd get what has been filtered to not be offensive to parties like advertisers or regulators.

put my land line back in.

You do understand that the phone companies are lobbying the FCC to get rid of POTS and have everyone be VOIP, right?

"We've been pointing out for quite some time that putting in such backdoors only makes us all less safe, because those with malicious intent will find and use those backdoors."

At some point the US Federal Government will be the ones with "malicious intent" and will "use those backdoors" in an abusive way. Let's face it, they have a track record and it's the kind where they can't for security reasons share with congress or the public how many Americans were illegally spied on.

The back door would be a way of law enforcement regaining the control they haven't lost (but fear they will lose) but tell Congress they have lost because the public want increased freedom and privacy. We all know what law enforcement agencies think about that, don't we? In fact, some law enforcement officers are so concerned about it, in order to prevent any recordings of it, they beat people to death!!

Job Assurance?

Perhaps they know this and want the back door for that reason. It'd give them an infinite loop of funding and power. Cyber security is terrible so we need more funding and power. They just love "homeland security" heads-I-win tails-you-lose logic. No attacks? Clearly we're doing our job properly. An attack? Clearly we aren't being given enough money/power/impunity.

Re: Job Assurance?

Of course, that's how US politics works these days. Just look at the grandstanding politicians who pop up every time some tragedy happens.

Nothing the DOJ does along these lines will make anyone safer. I've got RedPhone on CyanogenMod, and I'm just some random geek. I imagine any terrorist types would use communications channels which were at least as secure, if not more secure, than mine.

The DOJ is simply killing two birds with one stone here: spying on more people to give them more police state-type power, and creating a nice big target for "cyberhackers" (ugh) to hit so they can claim they need to go even further.

The implications are rather simple. A backdoor would need some sort of lvl0 security hash or something. Eventually those things will be broken and inevitably before it can be patched when it's broken some ill-willed individuals will use it to take control of the current iteration of the software before the company can hope to patch the hole generating masses of zombie computers.

Now imagine if those ill-willed people are the Chinese military...

They should be VERY afraid of giving anyone the key to build a cyber-nuke.